It’s very tempting to use the most popular Linux distributions as a base for Docker containers. In fact, most of the time, that is actually a good idea. However, when trying to build the most secure container possible, at the smallest possible size, these base images become bloat. Why include libraries and other binaries in your Docker container if your application does not need them?

When you install Docker, by default it will create a bridged interface docker0 with a 172.17.0.0/16 subnet for container networking. It will also create a MASQUERADE rule on your POSTROUTING iptables chain for container NAT. If this subnet is being used elsewhere on your network, then you should change this default subnet to avoid losing connectivity to these other networks:

gbolo

Security + DevOps Engineer

DevOps Engineer

Toronto